Cyber Threats Surge: Worm Code Leaked, AI Agents Hacked

Michael Miller · 2026-06-11

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit sitting in a public repo, a $5,000-a-month remote access trojan (RAT) that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Criminal mule networks run like SaaS platforms. They have dashboards, support tickets, and refund policies. It's not your grandpa's cybercrime anymore. ### The Supply Chain Attack Kit in Plain Sight Security researchers found a complete attack toolkit hosted on a public GitHub repository. It wasn't hidden or obfuscated. It included scripts for credential theft, privilege escalation, and lateral movement. Anyone could fork it and target software vendors. This isn't just a code leak. It's a playbook for supply chain compromise. Attackers can inject malicious code into legitimate software updates. When customers download the update, they get infected. The kit makes it easy for low-skill criminals to launch high-impact attacks. ### The $5,000-a-Month Browser Cloning RAT A new RAT is making waves. It costs $5,000 per month to rent. That's steep, but it comes with features that justify the price. It can clone browser profiles, steal cookies, passwords, and session tokens. It bypasses two-factor authentication by hijacking active sessions. Targets include cryptocurrency wallets, banking portals, and email accounts. The RAT uses encrypted channels to exfiltrate data. It's designed to evade detection by antivirus tools and endpoint detection systems. ### AI Agents Phished for Real Credentials Researchers demonstrated that AI agents can be manipulated into leaking sensitive information. They used social engineering tactics to trick the agents into revealing login credentials and API keys. The agents couldn't distinguish between legitimate requests and malicious ones. This is a wake-up call for companies deploying AI assistants. Without proper safeguards, these agents become attack vectors. They can be used to extract data, execute commands, or pivot to other systems. ### Why Mule Networks Look Like Legitimate Businesses Mule networks are the backbone of money laundering in cybercrime. They recruit people to move stolen funds through bank accounts. What's changed is how professional they've become. These networks have: - Recruitment portals with application forms - Training materials and onboarding videos - Payment systems with automated payouts - Customer support via encrypted messaging apps They operate like staffing agencies. Mules get paid per transaction. The networks use disposable accounts and cryptocurrency to avoid detection. Law enforcement struggles to keep up. ### What This Means for Security Professionals The convergence of these trends is alarming. Supply chain attacks are easier to execute. RATs are more sophisticated. AI agents are vulnerable. And the criminal infrastructure is industrialized. Security teams need to: - Monitor public repositories for leaked tools targeting their supply chain - Deploy advanced endpoint detection that can identify browser cloning behavior - Implement strict access controls and session management for AI agents - Train employees to recognize social engineering attacks targeting AI systems - Collaborate with financial institutions to disrupt mule networks ### The Takeaway Cyber threats are evolving faster than defenses. The lines between nation-state actors, organized crime, and lone wolves are blurring. Everyone is using the same tools and techniques. Don't assume your security stack will catch everything. Assume breach. Verify all updates. Monitor AI agent behavior. And remember: if the criminals can run their operations like SaaS, you need to run your security like a business. Stay vigilant. Patch your systems. And keep learning.